<?php
require_once("bin/data.php");
require_once("bin/requirecredentials.php");
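@session_start();

//no one is allowed to use this form unless they are logged in. So it
// is checked first. The decision is made on the server-side session
// (which getUser() below is keyed on), not only on the "userid" cookie:
// a cookie is client-controlled and proves nothing by itself. The cookie
// test is kept as an additional condition, so every request the old
// check rejected is still rejected.
$sessionUserId = isset($_SESSION['userid']) ? (string) $_SESSION['userid'] : '';
$cookieUserId  = isset($_COOKIE['userid'])  ? (string) $_COOKIE['userid']  : '';
if ($sessionUserId === '' || $sessionUserId === '-1'
	|| $cookieUserId === '' || $cookieUserId === '-1')
{
	// if session info is missing, switch to sign in page -- and STOP.
	// Without exit the rest of this script keeps running, so an anonymous
	// request could still reach the create/update/delete handlers below.
	header("Location:signin.php");
	exit;
}

// since I now know that the user is logged in, I will obtain his credentials
$user = getUser($_SESSION['userid']);
if (!$user || !isset($user['id']))
{
	// The session names a user getUser() cannot find; treat as signed out
	// rather than continuing with an empty $userid.
	header("Location:signin.php");
	exit;
}
$userid = $user['id'];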

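// set up variables; initializeGlobals() then fills them from the request
// (create mode) or from the stored record (edit mode).
$recordid = "";
$category = "";
$recordtitle = "";
$description = "";
$gdf = "";
$action = "u";
$actionValue = "Upload";
$deleteButton = "";
$title = "New Glide";

initializeGlobals();

// CSRF token for the form. Every state-changing submission (u / eu / dc) must
// echo back the token issued to this session; a request that merely arrives
// with the session cookie (a form auto-submitted from another site, or a plain
// GET link) is refused. The token lives for the whole session.
if (empty($_SESSION['csrf_token']))
{
	// random_bytes() is PHP 7+; this file still uses the mysql_* extension, so
	// fall back to openssl on older builds (assumes ext/openssl is loaded).
	// Never use mt_rand()/uniqid() for this.
	$tokenBytes = function_exists('random_bytes')
		? random_bytes(16)
		: openssl_random_pseudo_bytes(16);
	$_SESSION['csrf_token'] = bin2hex($tokenBytes);
}
$csrfToken   = $_SESSION['csrf_token'];
$postedToken = isset($_POST['csrf']) ? (string) $_POST['csrf'] : '';
// Constant-time compare where available (PHP 5.6+); plain compare otherwise.
$csrfOk = function_exists('hash_equals')
	? hash_equals($csrfToken, $postedToken)
	: ($csrfToken === $postedToken);

// next, I need to know if this is an edit mode form, or create-mode.
// It would be edit if the following is true:
//	1. a querystring with "e"=1 is passed
//	2. the user requesting is the same as the creating user -- this file
//	   relies on the record lookup and the update/delete queries to enforce
//	   that; nothing in the dispatch below checks it.

if (isset($_REQUEST['e']))
{
	// requesting to edit this record
	$title = "Edit Glide";
	$action = "eu";
	$actionValue = "Update";

	// The user may also choose to delete from this screen. The record title
	// goes into a JavaScript string literal inside an HTML <script> block, so
	// it is emitted as a JSON literal with the HEX flags (which also neutralise
	// "</script>" and quotes) instead of being pasted in raw.
	$jsTitle = json_encode((string) $recordtitle,
		JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
	if ($jsTitle === false)
	{
		// json_encode() fails on invalid UTF-8; degrade to an empty name rather
		// than emitting a broken script.
		$jsTitle = '""';
	}
	$deleteButton = <<<EOF
	<script LANGUAGE="JavaScript">
<!--
// Nannette Thacker http://www.shiningstar.net
function confirmSubmit()
{
var agree=confirm("Are you sure you want to delete " + {$jsTitle} + "?");
if (agree)
	return true ;
else
	return false ;
}
// -->
</script>
	<input type="submit" name="dc" id="dc" value="Delete" onClick="return confirmSubmit()" />
EOF;
}
elseif (isset($_POST['eu']) || isset($_POST['dc']) || isset($_POST['u']))
{
	// A write. Only a POST that carries this session's token is accepted;
	// $_REQUEST was previously honoured, so a plain GET link (or an <img>
	// on any site) could update or delete a record.
	if (!$csrfOk)
	{
		header('HTTP/1.1 403 Forbidden');
		exit('Invalid or missing form token. Please reload the form and try again.');
	}
	if (isset($_POST['eu']))
	{
		//the user has pressed the update button after editing.
		updateRecord();
	}
	elseif (isset($_POST['dc']))
	{
		//this is a delete confirm. Yes, I really want to delete
		deleteRecord();
	}
	else
	{
		//this is uploading the created content.
		createRecord();
	}
}
else
{
	//this is not edit, delete or delete confirm. This is create.
	$title = "New Glide";
	$action = "u";
	$actionValue = "Upload";
}

$categorylist = getCategoryList($category);


$header = "";
$link = "";
$footer = "";

// Everything user-controlled that lands in the markup is escaped for the HTML
// attribute / text context it sits in. In edit mode these values come straight
// from the database, in create mode from the request; neither was escaped before.
// $categorylist is markup built by getCategoryList() and is emitted as-is.
// NOTE(review): 'UTF-8' assumes the page is served as UTF-8 -- confirm against base.php.
$recordidHtml    = htmlspecialchars((string) $recordid,    ENT_QUOTES, 'UTF-8');
$recordtitleHtml = htmlspecialchars((string) $recordtitle, ENT_QUOTES, 'UTF-8');
$descriptionHtml = htmlspecialchars((string) $description, ENT_QUOTES, 'UTF-8');
$gdfHtml         = htmlspecialchars((string) $gdf,         ENT_QUOTES, 'UTF-8');
$csrfHtml        = htmlspecialchars($csrfToken,            ENT_QUOTES, 'UTF-8');

$content = <<<EOF

<div id="formentry">
<h2>{$title}</h2>
<form action="upload.php" method="post">
<input type="hidden" name="rid" id="rid" value="{$recordidHtml}" />
<input type="hidden" name="csrf" value="{$csrfHtml}" />
<table width="100%">
<tr>
	<td align="right">
		<span>Category:</span>
	</td>
	<td>
		<select name="c" id="c">{$categorylist}</select>
	</td>
</tr>
<tr>
	<td align="right">
		<span>Title:</span>
	</td>
	<td>
		<input type="text" name="t" id="t" value="{$recordtitleHtml}" />
	</td>
</tr>
<tr>
	<td align="right">
		<span>Description:</span>
	</td>
	<td>
		<input type="text" name="d" id="d" value="{$descriptionHtml}" />
	</td>
</tr>
<tr>
	<td align="right" valign="top">
		<span>Definition:</span>
	</td>
	<td>
		<textarea rows="15" cols="70" name="g" id="g" >{$gdfHtml}</textarea>
	</td>
</tr>
<tr>
	<td></td>
	<td>
		<input type="submit" name="{$action}" id="{$action}" value="{$actionValue}" />
		{$deleteButton}
	</td>
</tr>
</table>
</form>
</div>
<script type="text/javascript" src="script/glideeditor.js" ></script>
EOF;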

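/**
 * Populate the form globals ($recordid, $category, $recordtitle, $description, $gdf).
 *
 * Edit mode (?e=...): the values are loaded from the record named by "rid", but
 * only if that record belongs to the signed-in user ($userid) -- the "same user
 * as the creator" rule stated at the top of this file. A record that is missing
 * or not owned leaves the fields empty.
 *
 * Create mode: the values come from the request. The text fields are escaped
 * with mysql_real_escape_string() HERE, and createRecord()/updateRecord()
 * interpolate them as already-escaped SQL literals. $gdf was previously left
 * raw, which was a direct SQL injection. (Side effect kept from the original:
 * these escaped values are also what the form re-displays.)
 */
function initializeGlobals()
{
	global $tblrecords;
	global $userid;

	global $recordid;
	global $category;
	global $recordtitle;
	global $description;
	global $gdf;

	// "rid" is a numeric key: cast rather than escape. The lookup below uses it
	// unquoted, and mysql_real_escape_string() does not protect an unquoted
	// value. A missing or non-numeric rid becomes 0, which matches no row.
	$recordid = isset($_REQUEST['rid']) ? (int) $_REQUEST['rid'] : 0;

	if (isset($_REQUEST['e']))
	{
		// Ownership is part of the lookup, so another user's record can never be
		// loaded into the editor whatever rid is sent.
		$sql = "SELECT * FROM `$tblrecords` WHERE id = " . $recordid
			. " AND userid = '" . mysql_real_escape_string($userid) . "'";
		$result = mysql_query($sql);
		$row = $result ? mysql_fetch_row($result) : false;
		if ($row)
		{
			// Positional columns, matching the VALUES order in createRecord():
			// 2 = title, 3 = description, 4 = gdf, 6 = categoryid.
			$recordtitle = $row[2];
			$description = $row[3];
			$gdf = $row[4];
			$category = $row[6];
		}
	}
	else
	{
		$category    = isset($_REQUEST['c']) ? mysql_real_escape_string((string) $_REQUEST['c']) : '';
		$recordtitle = isset($_REQUEST['t']) ? mysql_real_escape_string((string) $_REQUEST['t']) : '';
		$description = isset($_REQUEST['d']) ? mysql_real_escape_string((string) $_REQUEST['d']) : '';
		// Was stored unescaped; it is interpolated into INSERT/UPDATE like the others.
		$gdf         = isset($_REQUEST['g']) ? mysql_real_escape_string((string) $_REQUEST['g']) : '';
	}
}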
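/**
 * Insert a new record owned by the signed-in user and redirect to its view page.
 *
 * Relies on initializeGlobals() having already SQL-escaped $recordtitle,
 * $description, $category and $gdf; they are interpolated here as escaped
 * literals and must not be escaped again. $userid comes from the user row, not
 * the request, but is escaped locally anyway.
 * Column order: id, userid, title, description, gdf, datecreated, categoryid, isdeleted.
 */
function createRecord()
{
	global $tblrecords;

	global $category;
	global $recordtitle;
	global $description;
	global $gdf;
	global $userid;

	$owner = mysql_real_escape_string($userid);
	$sql = "INSERT INTO `$tblrecords` VALUES
		(
		NULL,
		'$owner',
		'$recordtitle',
		'$description',
		'$gdf',
		CURRENT_TIMESTAMP,
		'$category',
		'0'
		);";
	$result = mysql_query($sql);
	if (!$result)
	{
		// Log the driver message server-side; echoing mysql_error() to the
		// browser reveals table and column names.
		error_log("createRecord: " . mysql_error());
		die("Could not save the record.");
	}

	// get the last id and send the user to the new record. Stop here:
	// without exit the rest of upload.php would render the form as well.
	$lastid = mysql_insert_id();
	header("Location:channel.php?view=" . (int) $lastid);
	exit;
}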

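/**
 * Update the record named by $recordid with the submitted fields, provided it
 * belongs to the signed-in user, then redirect to its view page.
 *
 * Ownership is enforced in the WHERE clause: a rid pointing at someone else's
 * record matches nothing, so it can be neither altered nor re-owned (the old
 * "userid = current user" SET would have transferred it). The text globals
 * are already SQL-escaped by initializeGlobals() and are not escaped again.
 * datecreated is reset on every update -- pre-existing behaviour, kept.
 */
function updateRecord()
{
	global $tblrecords;

	global $recordid;
	global $category;
	global $recordtitle;
	global $description;
	global $gdf;
	global $userid;

	$id = (int) $recordid;
	$owner = mysql_real_escape_string($userid);

	$sql = "UPDATE `$tblrecords` SET
			title = '$recordtitle',
			description = '$description',
			gdf = '$gdf',
			datecreated = CURRENT_TIMESTAMP,
			categoryid = '$category'
		WHERE id = '$id' AND userid = '$owner';";
	$result = mysql_query($sql);
	if (!$result)
	{
		// Keep the driver message out of the response; it leaks schema details.
		error_log("updateRecord: " . mysql_error());
		die("Could not update the record.");
	}

	// Stop after the redirect so the form below is not rendered as well.
	header("Location:channel.php?view=" . $id);
	exit;
}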
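/**
 * Soft-delete (isdeleted = 1) the record named by $recordid, provided it belongs
 * to the signed-in user, then return to the index page.
 *
 * Ownership is enforced in the WHERE clause: a rid pointing at another user's
 * record matches nothing, so the delete is a no-op instead of a takeover. The
 * id is cast to int (numeric key) and the user id is escaped.
 */
function deleteRecord()
{
	global $tblrecords;

	global $recordid;
	global $userid;

	$id = (int) $recordid;
	$owner = mysql_real_escape_string($userid);

	$sql = "UPDATE `$tblrecords` SET
			isdeleted = '1'
		WHERE id = '$id' AND userid = '$owner';";
	$result = mysql_query($sql);
	if (!$result)
	{
		// Keep the driver message out of the response; it leaks schema details.
		error_log("deleteRecord: " . mysql_error());
		die("Could not delete the record.");
	}

	//return someplace safe, and stop so the form below is not rendered as well.
	header("Location:index.php");
	exit;
}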
// Hand $header/$link/$footer/$content to the page template, which is
// expected to assemble $html, then send it.
include 'base.php';
print $html;
?>
